DOJ and SEC Release Updated Guidance On The FCPA

By Emlyn Mandel.

The Foreign Corrupt Practices Act doesn’t ensnare just those involved in foreign corruption. It also can cover conduct in the United States that has nothing to do with either foreign officials or bribery schemes. So the recent release of the government’s new edition of the FCPA Resource Guide is worth noting even for those staying close to home.

The FCPA has two main components: an anti-bribery provision, which prohibits bribery of foreign officials, and accounting provisions, which require certain reporting companies to keep accurate books and records and maintain a system of internal accounting controls. The FCPA can be prosecuted both criminally by the U.S. Department of Justice and civilly by the Securities and Exchange Commission. In July 2020, the DOJ and SEC released the Second Edition to the FCPA Resource Guide, a manual relied upon heavily by practitioners and businesses in navigating the FCPA.[1] The release marks the first substantive update to the Resource Guide since the First Edition was published in 2012. The Resource Guide is particularly valuable given the dearth of case law interpreting the FCPA.

The Second Edition reflects updates in the law over the past eight years in a number of different areas, including the definition of the term “foreign official;” the jurisdictional reach of the FCPA; the FCPA’s “foreign written laws” affirmative defense; the mens rea requirement and statute of limitations for criminal violations of the accounting provisions; updated data, statistics, and case examples; and new policies applicable to the FCPA that have been announced over the past several years by the DOJ and SEC.

A number of these changes are particularly noteworthy.

Insight on Who Can Be Prosecuted Under the FCPA

The jurisdictional reach of the FCPA has long been subject to debate. The anti-bribery provision of the FCPA lays out several categories of persons over whom the government may exercise jurisdiction, including “domestic concerns” (any individual who is a citizen, national, or resident of the United States or a business organized under United States law or with its principal place of business in the United States), no matter where in the world they act; companies issuing securities regulated by federal law (“issuers”), no matter where in the world they act; any officer, director, employee, or agent of a domestic concern or issuer, no matter where in the world they act; and foreign persons (including foreign nationals and companies) acting in the territory of the United States.[2] The Resource Guide now mentions a recent Second Circuit case that had the effect of limiting jurisdiction, United States v. Hoskins.[3] Hoskins held that a nonresident foreign national who was not an agent of a United States company and who acted outside American territory to allegedly participate in a foreign bribery scheme could not be liable for conspiracy to violate the FCPA, since such an individual was not in the class of individuals capable of committing a substantive FCPA violation. However, the government’s willingness to be guided by Hoskins in bringing future conspiracy prosecutions or enforcement actions is unclear, as the Resource Guide acknowledges conflicting authority from another jurisdiction.

Nevertheless, the Resource Guide does make some edits that align with the Hoskins holding. While the Resource Guide still asserts that a foreign national who engages in activity in American territory, such as by attending a meeting in the United States that furthers a foreign bribery scheme, may be subject to prosecution, it conspicuously removes language from the prior version that previously indicated “any co-conspirators, even if they did not themselves attend the meeting” may be subject to prosecution. It also removes the statement that a foreign national or company may be liable if she or it assists an issuer, regardless of whether the foreign national or company itself takes any action in the United States. In doing so it acknowledges that there is a limit to those whom the FCPA can reach.

Contrary to the specific delineations in the anti-bribery provision, the accounting provisions apply to “any person.”[4] In that vein, the Resource Guide points out that the Hoskins holding does not extend to violations of the FCPA’s accounting provisions – an indication that the DOJ and SEC are likely to continue prosecuting violations of the accounting provisions even without an accompanying bribery charge. This is not new – a number of the options backdating cases of the 2000s were based in part on the FCPA.  The DOJ’s willingness to continue to bring charges based on the FCPA’s accounting provision is evident in, for example, the deferred prosecution agreement (“DPA”) between the DOJ and Novartis AG announced at the end of June 2020.  While one Novartis subsidiary was charged with violations of both the anti-bribery and the accounting provisions, former Novartis AG subsidiary Alcon Pte. Ltd. was charged only with conspiracy to violate the accounting provision.[5]

Definition of “Instrumentality” Within The Definition of “Foreign Official”

The FCPA’s anti-bribery provision prohibits corrupt payments to “any foreign official.” The FCPA defines “foreign official” as “any officer or employee of a foreign government or any department, agency, or instrumentality thereof,”[6] a standard that can be difficult to evaluate given the sometimes murky intersection of government and business in countries such as China. The Resource Guide now incorporates important case law from the Eleventh Circuit that defines “instrumentality” as “an entity controlled by the government of a foreign country that performs a function the controlling government treats as its own.”[7] Esquenazi provided a list of five non-exhaustive factors that courts should consider in a fact-based analysis of whether the government “controls” an entity: the foreign government’s formal designation of that entity; whether the government has a majority interest in the entity; the government’s ability to hire and fire the entity’s principals; the extent to which the entity’s profits, if any, go directly into the governmental fiscal accounts, and, by the same token, the extent to which the government funds the entity if it fails to break even; and the length of time these indicia have existed. Esquenazi also provided a list of four non-exhaustive factors regarding whether the entity performs a function the government “treats as its own”: whether the entity has a monopoly over the function it exists to carry out; whether the government subsidizes the costs associated with the entity providing services; whether the entity provides services to the public at large in the foreign country; and whether the public and the government of that foreign country generally perceive the entity to be performing a governmental function.

The Resource Guide notes that companies should consider these factors when evaluating the risk of FCPA violations and designing compliance programs.

Clarification of the Statute of Limitations and Mental State Requirement for Criminal Violations of Accounting Provisions

While criminal violations of the anti-bribery provisions carry a five-year statute of limitations,[8] the Resource Guide clarifies that criminal violations of the accounting provisions carry a six-year statute of limitations.[9] In contrast, the statute of limitations is five years in civil cases brought by the SEC.[10]

In addition, the Resource Guide explains that, for criminal violations of the accounting provisions, prosecutors must show the violation was done “knowingly and willfully” rather than only “knowingly” as provided in the First Edition. This difference matters, as it provides a higher mens rea bar for prosecutors to meet. The Resource Guide acknowledges that “willfully” is not defined in the FCPA but remarks that it has generally been construed by courts to connote an act committed voluntarily and purposefully and with a bad purpose, i.e., with “knowledge that [a defendant] was doing a ‘bad’ act under the general rules of law.” However, the government need not prove that the defendant was specifically aware of the FCPA or knew that his conduct violated the FCPA.

More Detail On What Makes An Effective Compliance Program

Even if it doesn’t prevent an FCPA violation, a company’s compliance program can have a major impact on the government’s charging and sentencing decisions.[11] The Resource Guide now clarifies that “a company’s internal accounting controls are not synonymous with a company’s compliance program,” although the components may overlap. It states that, “[t]he truest measure of an effective compliance program is how it responds to misconduct.” According to the Resource Guide, an effective compliance program should have a well-functioning and appropriately funded mechanism to investigate wrongdoing, including analyzing root causes of the misconduct and integrating lessons learned.

In addressing successor liability, the Resource Guide explicitly acknowledges the potential benefits of corporate mergers and acquisitions in stemming corporate corruption, particularly when the acquiring entity has a robust compliance program in place and implements that program as quickly as possible. It goes on to state that in certain instances robust pre-acquisition due diligence may not be possible and, in those cases, timely discovery and remediation by an acquiring entity can help avoid successor liability. On the other hand, the potential pitfalls of successor liability are evident in a recent SEC settlement with Novartis AG, where the company’s failure to stop improper post-merger payments contributed to the SEC’s decision to prosecute the company.[12] 

Incorporation of Recent DOJ and SEC Policies

Over the past several years the DOJ and SEC have rolled out several new policies, which the Resource Guide now expressly incorporates.

FCPA Corporate Enforcement Policy. This policy provides that, where a company voluntarily self-discloses misconduct, fully cooperates, and timely and appropriately remediates, there will be a presumption that DOJ will decline prosecution of the company absent aggravating circumstances. The Resource Guide adds three examples of declinations from the past few years, including instances where high-level corporate officers were involved, reinforcing how important self-disclosure, cooperation, and remediation can be.

Selection of Monitors in Criminal Division Matters. The Resource Guide now incorporates the DOJ’s guidance in determining whether to impose an independent corporate monitor as part of a company’s resolution. It notes that appointment of a monitor is not appropriate in all circumstances and should never be imposed for punitive purposes. A monitor may be appropriate, for example, where a company does not already have an effective internal compliance program or needs to establish necessary internal controls. DOJ’s guidance provides that, in determining whether to impose a monitor as part of a corporate resolution, prosecutors should assess (1) the potential benefits that employing a monitor may have for the corporation and the public, and (2) the cost of a monitor and its impact on the operations of a corporation.

Anti-Piling On Policy. The DOJ and SEC can coordinate responses with other authorities to avoid “piling on” with those who are prosecuting the same company for misconduct, which policy includes giving credit for penalties paid to other authorities both foreign and domestic.

Criminal Division’s Evaluation of Corporate Compliance Programs. This policy guides prosecutors in deciding whether the corporation’s compliance program was effective at the time of the offense and is effective at the time of a charging decision or resolution. These determinations can have a significant impact on  the appropriate form of any resolution or prosecution, monetary penalty, and compliance obligations contained in any corporate criminal resolution. The three overarching questions that prosecutors ask to evaluate a company’s compliance program are: (1) Is the program well designed? (2) Is the program adequately resourced and empowered to function effectively? and (3) Does the program work in practice?[13]


The Resource Guide remains non-binding, but DOJ prosecutors and SEC enforcement attorneys will give significant weight to this guidance in determining whether to bring charges (and against whom) and how to resolve them. So this update provides valuable information for practitioners and enterprises in both proactively creating effective compliance policies and defending prosecutions or enforcement actions brought under the FCPA. It’s always a good idea to conduct periodic assessments of your company’s compliance program to ensure that it is appropriate to the company’s risk and that it is functioning effectively. With this enhanced guidance from the DOJ and SEC, now is an opportune time to check in.

For further information on the topic covered in this alert or for general FCPA or compliance guidance, contact Coblentz White Collar Defense & Investigations attorneys Timothy P. Crudo at or Emlyn Mandel at


[2] 15 U.S.C. §§ 78dd-1(a); 78dd-2(a); 78dd-2(h)(1)(A); 78dd-2(h)(1)(B).

[3] 902 F.3d 69, 76-97 (2d Cir. 2018).

[4] 15 U.S.C. § 78ff(a).


[6] 15 U.S.C. § 78dd-1(f)(1)(A).

[7] United States v. Esquenazi, 752 F.3d 912, 920-32 (11th Cir. 2014).

[8] 18 U.S.C. § 3282(a).

[9] 18 U.S.C. § 3301(b).

[10] 28 U.S.C. § 2462.

[11] See U.S. Sentencing Commission Guidelines Manual (2018), §8B2.1 (discussing effective compliance and ethics program) available at; U.S. DOJ Justice Manual, 9-47.120 FCPA Corporate Enforcement Policy available at

[12] at para. 24.